[go: up one dir, main page]

CN115150076B - An encryption system and method based on quantum random numbers - Google Patents

An encryption system and method based on quantum random numbers Download PDF

Info

Publication number
CN115150076B
CN115150076B CN202210745366.6A CN202210745366A CN115150076B CN 115150076 B CN115150076 B CN 115150076B CN 202210745366 A CN202210745366 A CN 202210745366A CN 115150076 B CN115150076 B CN 115150076B
Authority
CN
China
Prior art keywords
transmitted
information
client
data
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210745366.6A
Other languages
Chinese (zh)
Other versions
CN115150076A (en
Inventor
樊杰
宋斌
钟有为
安伟
李钰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Trustmobi Software Beijing Co ltd
Original Assignee
Trustmobi Software Beijing Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Trustmobi Software Beijing Co ltd filed Critical Trustmobi Software Beijing Co ltd
Priority to CN202210745366.6A priority Critical patent/CN115150076B/en
Publication of CN115150076A publication Critical patent/CN115150076A/en
Application granted granted Critical
Publication of CN115150076B publication Critical patent/CN115150076B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0414Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden during transmission, i.e. party's identity is protected against eavesdropping, e.g. by using temporary identifiers, but is known to the other party or parties involved in the communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

本发明涉及一种基于量子随机数的加密系统及方法。所述加密系统至少包括:至少两个客户端、服务器和量子随机数发生器。客户端能够作为待传输信息的发送方或者接收方。服务器能够接收客户端所发送的与客户端相对应的公钥,并将作为待传输信息的接收方的客户端的公钥发送至作为待传输信息的发送方的客户端。量子随机数发生器能够向服务器发送与待传输信息相对应的量子随机密钥。作为待传输信息的发送方的客户端使用量子随机密钥对待传输信息进行加密,并将包括待传输信息的待传输数据发送至作为待传输信息的接收方的客户端。作为待传输信息的接收方的客户端通过量子随机密钥获取待传输信息。所述加密方法能够应用于所述加密系统。

The present invention relates to an encryption system and method based on quantum random numbers. The encryption system at least includes: at least two clients, a server and a quantum random number generator. The client can serve as a sender or receiver of information to be transmitted. The server can receive a public key corresponding to the client sent by the client, and send the public key of the client as the receiver of the information to be transmitted to the client as the sender of the information to be transmitted. The quantum random number generator can send a quantum random key corresponding to the information to be transmitted to the server. The client as the sender of the information to be transmitted uses the quantum random key to encrypt the information to be transmitted, and sends the data to be transmitted including the information to be transmitted to the client as the receiver of the information to be transmitted. The client as the receiver of the information to be transmitted obtains the information to be transmitted through the quantum random key. The encryption method can be applied to the encryption system.

Description

Encryption system and method based on quantum random numbers
Technical Field
The invention relates to the technical field of quantum encryption, in particular to an encryption system and method based on quantum random numbers.
Background
In recent years, the development of instant messaging software has been rapidly advanced. In a short period of years, the network instant messaging software has the potential to replace the traditional communication mode. Instant messaging software is no longer a mere chat tool and has evolved into a comprehensive informationized platform integrating communication, information, e-commerce, office collaboration and enterprise customer services. With the development of mobile internet, internet instant messaging software is expanding to mobile, i.e. the instant messaging software gradually develops from the initial personal life chat application to an information platform integrating enterprise office communication, customer service communication, electronic commerce and the like. However, when an enterprise builds a platform related to internal instant messaging, the most important problem is data security, and especially for some units with higher security requirements in the country, the data security problem is more troublesome. For example, when a citizen uses a mobile phone to talk or send and receive short messages, lawbreakers can perform wireless signal filtering, monitoring, signal decryption and the like on communication contents transmitted by the citizen through fixed equipment or unmanned aerial vehicle. If the instant messaging software or the related platform cannot ensure the safety of the encrypted transmission of the data, the user can only communicate in a face-to-face communication mode, so that the working efficiency is greatly reduced. Therefore, the instant messaging software or related platform used by the units or personnel with higher security requirements or involved security needs to meet the basic functions required by the instant messaging and ensure the security of encrypted transmission of data in the communication process, so that even if the data is monitored/intercepted in the transmission process, the data cannot be deciphered.
The existing application program/client for instant messaging generally adopts an encryption mechanism combining asymmetric encryption and symmetric encryption, namely, a user generates two keys when installing the application program/client for instant messaging. The two keys are a public key and a private key respectively. And a public key corresponds one-to-one with a private key. An application/client for instant messaging encrypts data using a public key and decrypts using a corresponding private key. When an application program/client for instant messaging transmits data, the application program/client generates a new key to encrypt the data, so that one-time encryption is realized, and the safe transmission of the data is ensured.
However, the prior art still has the technical disadvantage that the existing application/client for instant messaging is usually encrypted by a pseudo-random number generated by a soft algorithm, i.e. the random number is generated by some mathematical algorithm, and the random number is not a true random number. This is because cryptographically secure pseudo-random numbers are not compressible, whereas the true random numbers corresponding thereto are usually only generated by a physical system. Thus, the existing technology for encrypting the pseudo random number generated by the soft algorithm has a certain security risk. If the soft algorithm is set to lack of rigor, the soft algorithm will generate repeated random keys, so that the storage medium may be attacked and cracked, and finally security events such as key leakage may be caused. For example, the existing RSA public key cryptography algorithm is the most widely used one currently used for secure communications and digital signatures over networks. The security of the RSA public key crypto algorithm is based on the difficulty of prime number decomposition in the number theory, so that the RSA public key crypto algorithm needs to use a large enough integer. In short, if factorization is more difficult, the password is more difficult to be decrypted, and the security strength of the password is higher. If one finds an algorithm that can quickly decompose the factors, the reliability of the information encrypted by the RSA public key cryptography algorithm drops dramatically. For example, with the advent of SHOR algorithm and the deep research of quantum computer, the parallelism of quantum computing can be utilized to quickly decompose a large number of quality factors, so that the quantum computer can easily crack the encryption algorithm (such as RSA public key cryptography algorithm) widely used at present, and seriously threaten the information security in the fields of banks, networks, electronic commerce and the like. The existing encryption and decryption system comprises symmetric encryption and asymmetric encryption, and if the existing encryption and decryption system is decrypted by using a supercomputer, the supercomputer decrypts the plaintext (such as encryption information) in transmission only in time. Accordingly, there is a need for improvements in light of the deficiencies of the prior art.
Furthermore, since the applicant has studied numerous documents and patents on the one hand, and since the applicant has made the present invention, the text is not to be limited to all details and matters of detail, but this is by no means the present invention does not feature these prior art features, but rather the present invention has features of all prior art, and the applicant has remained in the background art to which this invention pertains.
Disclosure of Invention
Existing applications/clients for instant messaging typically encrypt the random numbers by a soft algorithm, i.e., by some mathematical algorithm, which is not truly random. This is because cryptographically secure pseudo-random numbers are not compressible, whereas the true random numbers corresponding thereto are usually only generated by a physical system. Therefore, the existing technology for encrypting the information to be transmitted by using the pseudo random number generated by the soft algorithm has a certain security risk.
Aiming at the defects of the prior art, the invention provides an encryption system and method based on quantum random numbers.
The method at least comprises the following steps:
at least two clients send public keys corresponding to the clients to a server, wherein the clients can serve as a sender or a receiver of information to be transmitted;
The server receives the public key corresponding to the client sent by the client, and sends the public key of the client serving as a receiver of the information to be transmitted to the client serving as a sender of the information to be transmitted;
the quantum random number generator sends a quantum random key corresponding to the information to be transmitted to the server, and the server receives the quantum random key;
the server sends the quantum random key to a client which is used as a sender of the information to be transmitted;
The client serving as a sender of the information to be transmitted encrypts the information to be transmitted by using the quantum random key, encrypts the quantum random key by using a public key of the client serving as a receiver of the information to be transmitted, and sends data to be transmitted, which at least comprises the information to be transmitted and the quantum random key, to the client serving as the receiver of the information to be transmitted;
After the client serving as the receiving party of the information to be transmitted receives the information to be transmitted, decrypting the quantum random key to obtain the quantum random key, and decrypting the information to be transmitted by using the quantum random key to obtain the information to be transmitted.
However, the structure, the traffic rate, the access address, etc. of the data packets (such as the information to be transmitted) in the data transmission channel between the clients are usually fixed or regularly and circulated, and the data traffic of other application programs is not confused in the data transmission channel, so that the data packets are easy to be analyzed and/or positioned by some lawless persons, and there is a security risk of information leakage. Therefore, the client serving as a sender of the information to be transmitted transmits the data to be transmitted containing the information to be transmitted and the quantum random key to the client serving as a receiver of the information to be transmitted based on a confusion protocol. The confusion protocol mainly realizes the protection of the information to be transmitted by the client by carrying out confusion on the information to be transmitted in the data transmission channel.
According to a preferred embodiment, the step of sending the data to be transmitted including the information to be transmitted and the quantum random key to the client that is the receiving party of the information to be transmitted includes:
The client serving as a sender of the information to be transmitted at least masquerades the information to be transmitted in the data to be transmitted based on a confusion protocol and forms first masquerade data;
the server acquires the first disguised data, and analyzes the first disguised data according to the confusion protocol to acquire a real request in the information to be transmitted;
The server forwards the first disguised data to a client of the receiver which is the information to be transmitted and corresponds to the real request based on the real request;
the client side of the receiver serving as the information to be transmitted acquires the first disguised data forwarded by the server;
And the client side of the receiver serving as the information to be transmitted analyzes the first disguised data forwarded by the server based on the confusion protocol, and acquires the data to be transmitted from the first disguised data.
According to a preferred embodiment, the first masquerading data comprises at least information to be transmitted, a quantum random key, a masquerading request, and an identifier. The masquerading request corresponding to the real request in the information to be transmitted is generated by the client that is the sender of the information to be transmitted based on the obfuscation protocol. The identifier is used to identify a masquerading algorithm used by the client in generating the masquerading request. In the case where a plurality of the servers can form a server group, the client that is the sender of the information to be transmitted can send the first masquerading data to at least one server corresponding to the masquerading request in the server group based on the masquerading request.
According to a preferred embodiment, the method for camouflaging information to be transmitted comprises:
the client side serving as a sender of the information to be transmitted generates the disguised request through the disguising algorithm so as to hide the real request corresponding to the information to be transmitted;
and the client side serving as a sender of the information to be transmitted merges the information to be transmitted, the quantum random key, the disguise request and the identifier corresponding to the disguise algorithm into the first disguise data.
According to the configuration mode, the client can disguise the real request in the information to be transmitted by utilizing various algorithms, and can add the disguised request randomly generated by the disguise algorithm into the first disguise data, so that randomness of a server accessed by the client/the client serving as a receiver of the information to be transmitted is ensured, meanwhile, the real request corresponding to the information to be transmitted and the client serving as the receiver of the information to be transmitted, which corresponds to the real request, are prevented from being obtained through lawless analysis, meanwhile, the client and the server can disguise the real request in the information to be transmitted based on a confusion protocol, and the first disguise data is forwarded to the client serving as the receiver of the information to be transmitted, which corresponds to the real request, through the randomly generated disguise request, so that the real request of the information to be transmitted is hidden, and leakage of the information to be transmitted is prevented.
The access address of the data transmitted by the client is often fixed in the prior art. The information to be transmitted sent by the client in the invention is transmitted to the client which is the receiving side of the information to be transmitted through any one or more servers in the server group. Because the first disguised data corresponding to the information to be transmitted can be forwarded to the client of the receiver of the information to be transmitted corresponding to the real request through a random server, the data transmission channel for transmitting the information to be transmitted is in continuous change and is irregular and circulated, thereby preventing lawless persons from acquiring the information to be transmitted (such as the real request) and/or acquiring related information of the information to be transmitted from the fixed data transmission channel.
According to a preferred embodiment, the method for camouflaging information to be transmitted further comprises:
the client side serving as a sender of the information to be transmitted performs random filling and/or multi-frequency Bit flow camouflage transmission on the information to be transmitted in the data to be transmitted so as to confuse the information to be transmitted and prevent the information from being deciphered by lawbreakers.
In the prior art, data traffic of other application programs and the like cannot be mixed into the information to be transmitted in the transmission of the information to be transmitted, and the structure, the traffic rate and the like of the information to be transmitted in the transmission process are regular and circulated, so that the information to be transmitted is easy to be analyzed by lawless persons to obtain the relevant rules of the information to be transmitted, and the information to be transmitted is further leaked. The invention adds multi-node flow confusion, namely, randomly filling the information to be transmitted in the data to be transmitted and/or carrying out multi-frequency Bit flow camouflage transmission, so that the characteristics of the information to be transmitted, such as the structure, the flow rate and the like, in the transmission process are irregular and can be circulated, thereby realizing the confusion of the information to be transmitted and preventing the information to be transmitted from being deciphered by lawbreakers.
Through the configuration mode, the client side of the invention randomly mixes the real information to be transmitted into the data packets of other application programs, and forwards the first camouflage data to one or more servers in batches at random (for example, the sending time of the first camouflage data is also randomly set through a random algorithm), so that the characteristics of the data packets of the transmitted first camouflage data, such as the structure, the flow rate and the like, are irregularly circulated, and the purpose of confusing a data eavesdropper is achieved. When the client and the server transmit information to be transmitted or first camouflage data, the client camouflage the encrypted information to be transmitted or the data packet of the first camouflage data into the data packet which has the same/similar structure as other application programs and/or the encrypted data packet of the information to be transmitted or the data packet of the first camouflage data is hidden in the data packet of other application programs and then transmitted to the server in batches, so that the aim of confusing a data eavesdropper is fulfilled.
According to a preferred embodiment, the quantum random number generator is capable of sending the quantum random key to the server when the information to be transmitted is generated, the server being capable of numbering the quantum random key and receiving the quantum random key in dependence of the numbering.
According to a preferred embodiment, the client as the sender of the information to be transmitted can send a request to the server when generating the information to be transmitted, where the request is used to request the server for a quantum random key corresponding to the information to be transmitted. The server can acquire the request in real time and send the quantum random key corresponding to the information to be transmitted to the client side which sends the request.
According to a preferred embodiment, the client of the receiver of the information to be transmitted is able to send second disguised data to the server, in case the client of the receiver of the information to be transmitted has acquired the information to be transmitted. The second camouflage data at least comprises response data corresponding to the information to be transmitted in the first camouflage data.
The invention also provides an encryption system based on the quantum random number. The encryption system at least comprises at least two clients, a server and a quantum random number generator.
At least two clients are configured to be able to act as a sender or receiver of information to be transmitted.
The server is configured to be able to receive the public key corresponding to the client transmitted by the client and transmit the public key of the client as a receiver of the information to be transmitted to the client as a sender of the information to be transmitted.
The quantum random number generator is configured to be able to send a quantum random key corresponding to the information to be transmitted to the server.
And under the condition that the server sends the quantum random key to the client side serving as the sender of the information to be transmitted, the client side serving as the sender of the information to be transmitted encrypts the information to be transmitted by using the quantum random key, and sends data to be transmitted, which at least comprises the information to be transmitted and the quantum random key, to the client side serving as the receiver of the information to be transmitted, wherein the client side serving as the receiver of the information to be transmitted acquires the information to be transmitted through the quantum random key so as to realize secure communication between the client sides.
The invention adopts the quantum random generator to generate the quantum random number/quantum random key, namely the generated quantum random number/quantum random key is a true random number, and can be fetched along with use. The security of quantum cryptography (e.g., quantum random number/quantum random key) is ensured by the physical properties of inaccurate measurement, inseparability, irreproducibility, etc. of the quantum state. While measuring the quantum state according to the "measurement collapse theory" will change the original quantum state, i.e. the data eavesdropping behavior of the data eavesdropper will introduce additional bit errors into the original quantum state. For example, when no data eavesdropper exists in the data transmission channel, the bit error rate of the quantum password is zero, and when the data eavesdropper exists in the data transmission channel, the bit error rate of the quantum password is twenty-five percent. When the bit error rate of the quantum cipher exceeds a threshold value, the existence of a data eavesdropper in the data transmission channel is indicated. The early warning module in data connection with the quantum random generator can send alarm information to the server, and the server can discard the distributed quantum random key based on the alarm information. Through the configuration mode, namely, the information content (such as information to be transmitted) of the instant messaging is encrypted by using the true quantum random number (such as a quantum random key) as an encryption key, so that the indecipherability and the uniqueness of the information content of the instant messaging are ensured, and the safe communication between the clients is further realized. In addition, the invention can also reduce the operation time consumed by the client to generate the pseudo random number by using the soft algorithm, thereby improving the efficiency, can also play a role in the confidentiality of information by combining the modern cryptographic algorithm (such as SM4, AES and the like), and can play a role in the authenticity, integrity and other requirements of information beyond confidentiality by combining authentication and other cryptographic algorithms.
Drawings
Fig. 1 is a simplified schematic diagram of a module connection relationship according to a preferred embodiment of the present invention.
List of reference numerals
1, A client, 2, a server and 3, a quantum random number generator.
Detailed Description
The following detailed description refers to the accompanying drawings.
The invention also provides an encryption method based on the quantum random number. The encryption method at least comprises the following steps:
At least two clients 1 send public keys corresponding to the clients 1 to the server 2, wherein the clients 1 can serve as a sender or a receiver of information to be transmitted;
The server 2 receives the public key corresponding to the client 1 transmitted by the client 1, and the server 2 transmits the public key of the client 1 as a receiver of the information to be transmitted to the client 1 as a sender of the information to be transmitted.
The quantum random number generator 3 sends a quantum random key corresponding to the information to be transmitted to the server 2. The server 2 receives the quantum random key.
The server 2 transmits the quantum random key to the client 1 as a sender of information to be transmitted.
Preferably, the encryption method further includes:
The client 1 serving as a sender of the information to be transmitted encrypts the information to be transmitted by using a quantum random key, encrypts the quantum random key by using a public key of the client 1 serving as a receiver of the information to be transmitted, and then sends data to be transmitted, which at least comprises the information to be transmitted and the quantum random key, to the client 1 serving as the receiver of the information to be transmitted;
After receiving the information to be transmitted, the client 1 as the receiver of the information to be transmitted decrypts the quantum random key to obtain the quantum random key, and the client 1 as the receiver of the information to be transmitted decrypts the information to be transmitted by using the quantum random key to obtain the information to be transmitted.
The information to be transmitted is information transmitted between the client 1 as a sender of the information to be transmitted and the client 1 as a receiver of the information to be transmitted.
The quantum random number generator 3 is capable of automatically generating a quantum random key.
Preferably, the quantum random key corresponding to the information to be transmitted, which is sent by the quantum random number generator 3 to the server 2, corresponds to the information to be transmitted one by one. Preferably, each piece of information to be transmitted corresponds to a new quantum random key.
Preferably, the server 2 transmits the quantum random key to the client 1, which is the sender of the information to be transmitted, through a bi-directional HTTPS transmission channel.
Preferably, the client 1, which is the sender of the information to be transmitted, encrypts the information to be transmitted using a quantum random key and using a symmetric encryption mechanism.
Preferably, the client 1 as the sender of the information to be transmitted transmits the data to be transmitted containing the information to be transmitted to the client 1 as the receiver of the information to be transmitted based on the confusion protocol.
The data to be transmitted comprises at least the information to be transmitted and the quantum random key.
Preferably, a private key used by the client 1 as a recipient of the information to be transmitted is stored in the client 1.
Preferably, after receiving the information to be transmitted, the client 1 as the receiving party of the information to be transmitted decrypts the public key-encrypted quantum random key in the data to be transmitted by using the private key corresponding to the public key to obtain the quantum random key.
Preferably, the client 1, which is the receiving side of the information to be transmitted, decrypts the information to be transmitted encrypted by the quantum random key using the quantum random key to acquire the information to be transmitted.
Preferably, the step of transmitting the data to be transmitted including the information to be transmitted to the client 1 as the receiving side of the information to be transmitted includes:
The client 1 serving as a sender of the information to be transmitted at least masquerades the information to be transmitted in the data to be transmitted based on the confusion protocol and forms first masquerade data;
the server 2 acquires first disguised data, and analyzes the first disguised data according to a confusion protocol to acquire a real request in the information to be transmitted;
The server 2 forwards the first masquerading data to the client 1 as a receiver of information to be transmitted corresponding to the real request based on the real request;
a client 1 as a receiver of information to be transmitted acquires first disguised data forwarded by a server 2;
The client 1 as the receiving side of the information to be transmitted parses the first masquerading data forwarded by the server 2 based on the confusion protocol, and acquires the data to be transmitted from the first masquerading data.
Particularly preferably, the number of servers 2 is two or more.
The real request is the address of the client 1 as the recipient of the information to be transmitted.
The confusion protocol at least comprises a method for disguising information to be transmitted and/or switching a data transmission channel for transmitting the information to be transmitted between the client 1, the server 2 and the client 1 which is a receiver of the information to be transmitted, so that the information to be transmitted in the data transmission channel is confused by the method to realize the protection of the information to be transmitted.
Since the security of the data transmission channel between the client 1 and the client 1 as the receiving party of the information to be transmitted is not high enough, the present invention proposes a rule for protecting the information to be transmitted in the data transmission channel, i.e. a confusion protocol.
The purpose of switching the data transmission channel by the confusion protocol is to forward the information to be transmitted to the client 1 as the receiving party of the information to be transmitted through the server 2 corresponding to the randomly generated camouflage request by using the camouflage request, that is, to transmit and confuse the information to be transmitted through multiple nodes (such as a server 2 group). The server 2 group includes a plurality of servers 2, and the information to be transmitted can be forwarded by any one server 2 in the server 2 group to the client 1 as the receiving party of the information to be transmitted, so that the data transmission channel formed in the process that the information to be transmitted is transmitted from the client 1 to the client 1 as the receiving party of the information to be transmitted is changed randomly, and finally, the protection of the information to be transmitted is realized by the random data transmission channel of the information to be transmitted.
The obfuscation protocol can also include an encryption method that secondarily encrypts the information to be transmitted/the first camouflage data. The encryption method may be an asymmetric encryption and/or a symmetric encryption algorithm.
The data in the data transmission channel comprises at least the information to be transmitted.
The data within the data transmission channel may also include first camouflage data.
Preferably, the first masquerading data includes at least information to be transmitted, a quantum random key, a masquerading request corresponding to a real request in the information to be transmitted, the masquerading request being generated by the client 1 as a sender of the information to be transmitted based on a confusion protocol, and an identifier for identifying a masquerading algorithm used by the client 1 as a sender of the information to be transmitted in generating the masquerading request. In the case where a plurality of servers 2 can form a server 2 group, the client 1, which is the sender of information to be transmitted, can send first masquerading data to at least one server 2 corresponding to the masquerading request in the server 2 group based on the masquerading request.
The information to be transmitted comprises at least the real request. The real request is the address of the client 1 as the receiver of the information to be transmitted to which the information to be transmitted is to be transmitted.
The kind of information to be transmitted may be determined according to the needs of the user.
The masquerading request is an address corresponding to any one of the servers 2 that is randomly generated by the client 1 masquerading the real request in the information to be transmitted.
The types of the information to be transmitted can be added or subtracted according to the actual application scene.
For example, the information to be transmitted may include the information to be transmitted and the real request, and the first masquerading data includes the information to be transmitted, the real request and the masquerading request.
The client 1, the server 2 and the client 1 as the receiving party of the information to be transmitted can all transmit the information to be transmitted based on HTTPS protocol and confusion protocol.
Preferably, the method for camouflaging the information to be transmitted comprises the following steps:
The client 1 as a sender of the information to be transmitted generates a masquerading request through a masquerading algorithm so as to hide a real request corresponding to the information to be transmitted;
The client 1, which is the sender of the information to be transmitted, merges the information to be transmitted, the masquerading request, and the identifier corresponding to the masquerading algorithm into first masquerading data.
Preferably, the method for camouflage of the information to be transmitted further comprises:
The client 1 serving as a sender of the information to be transmitted performs random filling and/or multi-frequency Bit flow camouflage transmission on the information to be transmitted in the data to be transmitted so as to confuse the information to be transmitted and prevent the information from being deciphered by lawbreakers.
Preferably, both the server 2 and the client 1, which is the recipient of the information to be transmitted, are able to masquerade based on the obfuscation protocol for the real request in the information to be transmitted.
In order to ensure the efficiency of data transmission, the HTTPS protocol uses symmetric encryption for data transmission after successful certificate verification, i.e. the HTTPS protocol uses asymmetric encryption only in the certificate verification stage. If the lawless persons intercept the information to be transmitted in the data transmission, the key adopted by the symmetric encryption is a pseudo-random number, and the current computer technology is in a rapid development stage, so that the information to be transmitted is very likely to be deciphered by the lawless persons within a certain time after the information to be transmitted is intercepted.
Therefore, the invention performs asymmetric encryption again on the basis of the symmetric encryption of the information to be transmitted. The operation not only does not significantly affect the efficiency of transmitting the information to be transmitted, but also greatly improves the safety of data transmission, namely, the information to be transmitted cannot be cracked even if lawless persons intercept the information to be transmitted which is subjected to symmetric encryption and asymmetric encryption.
Before the client 1 sends the information to be transmitted to the server 2, the client 1 encrypts the information to be transmitted through an asymmetric encryption algorithm and a symmetric encryption algorithm, and then the client 1 rewrites the real request in the information to be transmitted to disguise/hide the real request and generate a disguised request.
The masquerading request is randomly generated by the client 1 using a masquerading algorithm.
The masquerading algorithm has a specific identifier in the obfuscation protocol.
Particularly preferably, the first camouflage data can also comprise an identifier of a camouflage algorithm used by the client 1 to camouflage the current information to be transmitted.
The identifier may take the form of one or more of a number, letter, etc.
For example, if the identifier is "a", it means that the camouflage algorithm used by the client 1 to camouflage the current information to be transmitted is a first camouflage algorithm, and if the identifier is "B", the camouflage algorithm used by the client 1 to camouflage the current information to be transmitted is a second camouflage algorithm, and so on.
The camouflage algorithm can be flexibly selected according to the requirements of actual application scenes. The masquerading algorithm may be a message digest algorithm, a secure hash algorithm, a message authentication code algorithm, a cut algorithm, a parallel splice algorithm, etc. When the disguising request of the client 1 of the sender of the information to be transmitted is disguised by using a disguising algorithm and then sent to the server 2 or one server in the server group, the server 2 finds the corresponding disguising algorithm used by the client 1 of the sender of the information to be transmitted according to the disguising algorithm identifier contained in the first disguising data, and then analyzes the real address of the client 1 of the receiver of the information to be transmitted based on the disguising algorithm. And then, the server 2 sends the first disguised data to the corresponding client side 1 of the information receiver to be transmitted according to the real address of the client side 1 of the information receiver to be transmitted obtained through analysis.
For example, when the number of clients 1 as the recipients of the information to be transmitted is only one, the masquerading request indicates which server 2 of the server 2 group the first masquerading data is forwarded to the clients 1 as the recipients of the information to be transmitted, and when the number of clients 1 as the recipients of the information to be transmitted is more than one, the masquerading request indicates which server 2 the first masquerading data is forwarded to which client 1 as the recipients of the information to be transmitted.
The disguising of the client 1 for the real request in the information to be transmitted is achieved by overwriting the network request interface.
The client 1 transmits the first masquerading data to the servers 2 corresponding to the masquerading request in the server 2 group based on the masquerading request. The server 2 corresponding to the masquerading request can parse the first masquerading data based on the confusion protocol to obtain a real request corresponding to the information to be transmitted.
For example, the address (i.e., the real request) of the client 1 as the receiving side of the information to be transmitted corresponding to a certain information to be transmitted is www.cloudfront.com. And masquerading requests may employ any one or more of masquerading addresses of a.com, b.net, and c.org.
After the server 2 corresponding to the disguised request in the server 2 group receives the first disguised data sent by the client 1, the server 2 can obtain an identifier in the first disguised data based on a confusion protocol, analyze a disguised algorithm used by the client 1 corresponding to the current first disguised data through the identifier, and analyze a real request corresponding to information to be transmitted from the first disguised data (such as the disguised request in the first disguised data) based on the disguised algorithm. Then, the one or more servers 2 forward the first disguised data to the client 1 as the receiver of the information to be transmitted, which corresponds to the real request, in batches based on the real request corresponding to the information to be transmitted.
Preferably, the server 2 and the client 1 as the receiving side of the information to be transmitted may employ the same model of the server 2.
Preferably, the server 2 is able to switch over with the work responsibilities assumed by the client 1 as the recipient of the information to be transmitted. For example, the client 1 as the receiver of the information to be transmitted may be one server 2 in the group of servers 2, and one server 2 in the group of servers 2 may be the client 1 as the receiver of the information to be transmitted.
Through the configuration mode, the client 1 can disguise the real request in the information to be transmitted by utilizing various algorithms, and can add the disguised request randomly generated by the disguise algorithm into the first disguise data, so that the randomness of the server 2 accessed by the client 1/the client 1 serving as the receiver of the information to be transmitted is ensured, meanwhile, the real request corresponding to the information to be transmitted and the client 1 serving as the receiver of the information to be transmitted, which corresponds to the real request, are prevented from being obtained by lawless analysis, meanwhile, the client 1 and the server 2 can disguise the real request in the information to be transmitted based on a confusion protocol, and the first disguise data is forwarded to the client 1 serving as the receiver of the information to be transmitted, which corresponds to the real request, through the server 2 corresponding to the disguise request, so that the real request of the information to be transmitted is hidden, and leakage of the information to be transmitted is prevented.
The access address of the data transmitted by the client 1 in the prior art is often fixed. The information to be transmitted sent by the client 1 in the present invention is transmitted to the client 1 as the receiving side of the information to be transmitted through any one or more servers 2 in the server 2 group. Because the first disguised data corresponding to the information to be transmitted can be forwarded to the client 1 as the receiver of the information to be transmitted corresponding to the real request through the random server 2, the data transmission channel for transmitting the information to be transmitted is in continuous change and is irregular and circulated, thereby preventing lawless persons from acquiring the information to be transmitted (such as the real request) and/or acquiring the related information of the information to be transmitted from the fixed data transmission channel.
In the case of only one server 2, although the transmission path of the information to be transmitted cannot be randomly transformed, the flow disguising and random packing method can be applied to the information to be transmitted to protect the information to be transmitted.
Preferably, the method for camouflage of the information to be transmitted further comprises:
the client 1 performs random filling and/or multi-frequency Bit flow camouflage transmission on information to be transmitted in the data to be transmitted so as to confuse the information to be transmitted and prevent the information from being deciphered by lawbreakers.
The client 1 can disguise the information to be transmitted as a data packet (e.g., a data packet of a video music application program) having a different structure from the information to be transmitted by using a corresponding script, and perform interaction with the server 2 at an indefinite time to form the illusion of multi-frequency Bit traffic disguise transmission. Meanwhile, the client 1 can randomly mix data of other application programs into information to be transmitted, namely after the information to be transmitted is divided into a plurality of sub-data packets, the sub-data packets are hidden in the data packets of other application programs in batches, and the data packets of other application programs are transmitted to the server 2 or the client 1 serving as a receiving party of the information to be transmitted in sections, so that the information to be transmitted is confused and prevented from being decoded by lawbreakers.
In the prior art, data traffic of other application programs and the like cannot be mixed into the information to be transmitted in the transmission of the information to be transmitted, and the structure, the traffic rate and the like of the information to be transmitted in the transmission process are regular and circulated, so that the information to be transmitted is easy to be analyzed by lawless persons to obtain the relevant rules of the information to be transmitted, and the information to be transmitted is further leaked. The invention adds multi-node flow confusion, namely, randomly filling the information to be transmitted in the data to be transmitted and/or carrying out multi-frequency Bit flow camouflage transmission, so that the characteristics of the information to be transmitted, such as the structure, the flow rate and the like, in the transmission process are irregular and can be circulated, thereby realizing the confusion of the information to be transmitted and preventing the information to be transmitted from being deciphered by lawless persons.
The step of randomly filling the information to be transmitted in the data to be transmitted by the client 1 comprises the following steps:
judging whether the information to be transmitted reaches a triggering condition for triggering random filling;
randomly dividing information to be transmitted into a plurality of sub-data packets;
Generating a filling data packet to be filled;
randomly doping the filling data packet among a plurality of sub data packets;
sub-packets containing stuffing packets are sent to the server 2 or the client 1 as a recipient of the information to be transmitted in batches.
The client 1 judges whether the information to be transmitted reaches a trigger condition for triggering random filling. The trigger condition may be set manually according to the actual application scenario. For example, the client 1 may be able to add a specific trigger identifier to the information to be transmitted. If the client 1 identifies the information to be transmitted and finds that the first camouflage data has the trigger identifier, the information to be transmitted is identified by the client 1 as the information to be transmitted reaching the trigger condition triggering random filling, and if the client 1 identifies the information to be transmitted and finds that the first camouflage data does not have the trigger identifier, the information to be transmitted is identified by the client 1 as the information to be transmitted not reaching the trigger condition triggering random filling.
The triggering condition may be randomly generated by a corresponding algorithm, that is, the operation of the client 1 for random packet filling transmission of the information to be transmitted is random.
The information to be transmitted is randomly divided into a plurality of sub-data packets, so that the characteristics of the size, the number and the like of the sub-data packets are irregular and circulated.
If the client 1 analyzes the information to be transmitted and judges that the current information to be transmitted reaches the triggering condition preset by triggering, the client 1 generates a filling data packet for filling the information to be transmitted/the first camouflage data according to a corresponding algorithm. The stuffing packets may be packets having the same/similar structure as other applications (e.g., video, music, etc.) applications. The structure is the same as or similar to the structure, flow rate, frequency and other features of the data packet.
The number of padding packets that are padded between two sub-packets is random.
The time at which the client 1 transmits the sub-packet containing the padding packet to the server 2 or the client 1 as the recipient of the information to be transmitted may also be random.
Preferably, the server 2 or the client 1, which is a receiving side of the information to be transmitted, is capable of receiving a plurality of sub-packets in a segmented reception manner to reassemble the plurality of sub-packets into the first camouflage data.
By the configuration mode, the real information to be transmitted is randomly mixed into the data packets of other application programs, and the first camouflage data is forwarded to one or more servers 2 in batches at random (for example, the sending time of the first camouflage data is also randomly set by a random algorithm), so that the characteristics of the data packets of the transmitted first camouflage data, such as the structure, the flow rate and the like, can be irregularly circulated, and the purpose of confusing a data eavesdropper is achieved.
The step of the client 1 for carrying out multi-frequency Bit flow camouflage transmission on information to be transmitted in data to be transmitted comprises the following steps:
judging whether the information to be transmitted reaches a triggering condition for triggering multi-frequency Bit flow camouflage transmission or not;
analyzing the format of a data packet of the target application program;
Disguising information to be transmitted as a data packet of the target application program based on the format of the data packet of the target application program;
the disguised information to be transmitted is transmitted to the server 2 or the client 1 as a receiving side of the information to be transmitted.
The client 1 judges whether the current information to be transmitted reaches a triggering condition for triggering Bit flow camouflage transmission. The trigger condition may be set manually according to the actual application scenario. For example, the client 1 may be able to add a specific trigger identifier to the information to be transmitted. If the client 1 identifies the information to be transmitted and finds that the first camouflage data has the trigger identifier, the information to be transmitted is identified by the client 1 as the information to be transmitted which reaches the trigger condition of camouflage transmission by using the Bit flow, and if the client 1 identifies the information to be transmitted and finds that the first camouflage data does not have the trigger identifier, the information to be transmitted is identified by the client 1 as the information to be transmitted which does not reach the trigger condition of camouflage transmission by using the Bit flow.
The triggering condition can be randomly generated by a corresponding algorithm, namely, the operation of the client 1 for carrying out Bit flow camouflage transmission on the information to be transmitted is random.
The client 1 and the server 2 can disguise the traffic of the data packet to be transmitted by adopting methods such as traffic filling, traffic normalization, traffic disguising and the like.
The client 1 and the server 2 can disguise the flow of the data packet to be transmitted by adopting methods such as rerouting, adding garbage packets, packet loss, inclusion union, packet fragmentation, packet disorder, stream mixing, stream segmentation, stream merging and the like.
Particularly preferably, the client 1 and the server 2 of the present invention disguise the information to be transmitted by disguising the encrypted information to be transmitted as a packet in the same or similar format/structure as that of other applications (such as video, music, etc. applications).
For example, the client 1 needs to disguise the information to be transmitted this time into the format of the data packet of the target application program (such as a certain music application program), so that the client 1 may analyze the format/structure of the data packet of the target application program first, and disguise the information to be transmitted into the format/structure of the data packet of the music application program, so that the lawbreaker cannot identify the disguised information to be transmitted, and finally, the purpose of confusing the data eavesdropper is achieved.
Through the above configuration manner, when the client 1 and the server 2 transmit the information to be transmitted or the first camouflage data, the encrypted data packet of the information to be transmitted or the first camouflage data is camouflaged into the data packet with the same/similar structure as other application programs and/or the encrypted data packet of the information to be transmitted or the first camouflage data is hidden in the data packet of other application programs, and then the data packet is forwarded to the server 2 in batches, so as to achieve the purpose of confusing the data eavesdropper.
Preferably, the quantum random number generator 3 is capable of transmitting the quantum random key to the server 2 when the information to be transmitted is generated, and the server 2 is capable of numbering the quantum random key and receiving the quantum random key according to the number.
Preferably, the above numbers may be determined in a time-sequential order in which the quantum random key is received. For example, the first quantum random key received by the day server 2 is number one, the second quantum random key is number two, and so on.
Preferably, the client 1, which is the sender of the information to be transmitted, is capable of sending a solicitation request to the server 2 when generating the information to be transmitted, the solicitation request being for soliciting the server 2 for the quantum random key corresponding to the information to be transmitted. The server 2 can acquire the solicitation request in real time and send the quantum random key corresponding to the information to be transmitted to the client 1 that sent the solicitation request.
Preferably, the solicitation request may comprise an identification code of the client 1 that issued the solicitation request.
Preferably, the server 2 is able to send the quantum random key corresponding to the information to be transmitted to the client 1 corresponding to the identification code based on the identification code.
Preferably, in a case where the client 1 as the receiver of the information to be transmitted has acquired the information to be transmitted, the client 1 as the receiver of the information to be transmitted is able to transmit the second masquerading data to the server 2. The second camouflage data at least comprises response data corresponding to the information to be transmitted in the first camouflage data.
The type of the response data may be set according to the needs of the user.
The server 2 can acquire the second masquerading data and masquerade the second masquerading data as third masquerading data based on the obfuscation protocol.
Preferably, the information to be transmitted is used to request the second masquerading data from the client 1 that is the receiving side of the information to be transmitted.
The third camouflage data at least comprises response data corresponding to the information to be transmitted.
In response to the information to be transmitted, the client 1, which is the recipient of the information to be transmitted, can transmit response data corresponding to the first masquerading data to the server 2.
The client 1 as the receiving side of the information to be transmitted can also masquerade the response data based on the confusion protocol to generate second masquerading data.
The server 2 can acquire the second masquerading data and masquerade the second masquerading data as third masquerading data based on the obfuscation protocol.
The third masquerading data can be transmitted by the server 2 to the client 1.
Preferably, the second masquerading data may further include, but is not limited to, response data, a CA digital certificate signing public key, identity information, pseudo-random numbers, quantum random keys, identifiers of masquerading algorithms used by the client 1 that is the receiving party of the information to be transmitted at this time, and the like.
Preferably, the information to be transmitted is used to request the second masquerading data from the client 1 that is the receiving side of the information to be transmitted.
Preferably, the client 1 as the receiving side of the information to be transmitted is also able to encrypt the second masquerading data in an asymmetrically encrypted and symmetrically encrypted manner.
The third camouflage data at least comprises response data corresponding to the information to be transmitted in the first camouflage data.
Preferably, the third masquerading data may also include, but is not limited to, CA digital certificate signing public keys, identity information, pseudo-random numbers, quantum random keys, identifiers of masquerading algorithms used by the present server 2, and the like.
The camouflage and transmission processes of the second camouflage data and the third camouflage data are the same as those of the first camouflage data, so that the camouflage and transmission processes of the second camouflage data and the third camouflage data are not repeated here.
Fig. 1 shows a quantum random number based encryption system. The encryption system comprises at least two clients 1, a server 2 and a quantum random number generator 3. The client 1 can act as a sender or receiver of information to be transmitted. The server 2 is capable of receiving the public key corresponding to the client 1 transmitted by the client 1, and transmitting the public key of the client 1 as a receiver of the information to be transmitted to the client 1 as a sender of the information to be transmitted. The quantum random number generator 3 is capable of sending a quantum random key corresponding to the information to be transmitted to the server 2.
The client 1 as the sender of the information to be transmitted encrypts the information to be transmitted using the quantum random key, and sends the data to be transmitted including the information to be transmitted to the client 1 as the receiver of the information to be transmitted, and the client 1 as the receiver of the information to be transmitted acquires the information to be transmitted through the quantum random key, so as to ensure secure communication between the clients 1.
The invention mainly relies on the quantum random number generator 3 to generate true random numbers. In the process of using the quantum random number/quantum random key, the client 1 of the user may have a situation that the quantum random number has been used and a new quantum random number is not timely distributed to the client 1. In order to ensure normal communication of the client 1, in the case that the client 1 has a quantum random number that has been used and a new quantum random number that has not been issued in time, the client 1 can generate a pseudo-random number by a soft algorithm to temporarily replace the quantum random number/quantum random key that has not been issued in time at the time.
Since the transmitting quantum random number/quantum random key itself only carries information of the random bit string originally prepared for encryption, even if the transmitting quantum random number/quantum random key has been stolen by a data eavesdropper, the data eavesdropper still cannot acquire the actual information to be transmitted (such as highly confidential information). The present invention does not directly send or receive information to be transmitted (such as highly confidential information), but rather sends or receives random bit strings/quantum random keys. Once the client 1 and/or the server 2 find that the transmission of the random bit string/quantum random key is disturbed, the client 1 and/or the server 2 can immediately interrupt the transmission of the information to be transmitted and discard the random bit string/quantum random key, thereby ensuring the security of the information to be transmitted.
The server 2 is capable of receiving the quantum random key in real time.
Each client 1 is able to send a public key corresponding to the client 1 to the server 2.
Preferably, the client 1, which is the sender of the information to be transmitted, is able to encrypt the quantum random key using the public key of the client 1, which is the receiver of the information to be transmitted.
Preferably, the client 1, which is the recipient of the information to be transmitted, is able to receive the information to be transmitted in real time.
Preferably, the client 1, which is the recipient of the information to be transmitted, decrypts the encrypted quantum random key using the public key to obtain the quantum random key. The above-mentioned public key comes from the client 1 as the sender of the information to be transmitted.
Preferably, the client 1 as the receiving side of the information to be transmitted decrypts the information to be transmitted encrypted by the quantum random key using the quantum random key to acquire the information to be transmitted.
For example, the main procedure of the client 1 as the sender of the information to be transmitted to the client 1 as the receiver of the information to be transmitted may be:
S1, after logging in through a client 1A, a user A uploads respective public keys (such as public keys of the client 1A and the client 1B) to a server 2 respectively, and the server 2 encrypts and stores the public keys after receiving the public keys (such as public keys of the client 1A and the client 1B);
S2, the server 2 sends the public key of the client 1B used by the friend B of the user A to the client 1A used by the user A, and the client 1A encrypts and stores the public key of the client 1B locally;
S3, the server 2 receives the quantum random key generated by the quantum random number generator 3 and stores the quantum random key to the server 2;
s4, the server 2 transmits the quantum random key to each client 1 through a bidirectional HTTPS transmission channel;
S5, the client 1 encrypts the information to be transmitted by using a quantum random key and adopting a symmetrical encryption mechanism, encrypts the quantum random key by using a public key of the client 1B, and then sends the data to be transmitted to a receiver (such as the client 1B);
And S6, after the client 1 (such as the client 1B) serving as a receiver of the data to be transmitted receives the data to be transmitted, the client 1 serving as the receiver decrypts the encrypted quantum random key by using the locally stored private key to acquire the quantum random key. Then, the client 1 as the receiving side decrypts the information to be transmitted encrypted by the quantum random key using the above-described quantum random key to acquire the information to be transmitted.
After the user logs in, public key information of the client 1 used by the user is uploaded to the server 2. The uploading process adopts an asymmetric encryption algorithm. The asymmetric encryption algorithm requires two keys to encrypt and decrypt. Wherein the two keys are a public key and a private key respectively. If the data is encrypted using a public key, the encrypted data can be decrypted only using a private key corresponding to the public key. In short, the client 1 can automatically generate the above-described public key and private key locally when the user logs in through the client 1.
The client 1, which is the sender of the information to be transmitted, needs to upload its generated public key to the server 2.
The private key is generated locally (namely, the client 1 which is the sender of the information to be transmitted) and stored locally, and the private key is not transmitted through the Internet, so that the absolute safety of the private key is ensured. After obtaining the public key, the server 2 encrypts and saves the public key to ensure the security of the public key.
When a user adds a friend of the user (e.g., the friend of the user uses the client 1B) through the client 1 (e.g., the client 1A), the server 2 forwards the public key of the client 1 used by the friend stored previously to the client 1 of the user. The client 1 of the current user encrypts and saves the public key of the buddy to the local (e.g., client 1A).
Through the setting mode, when the user communicates with friends of the user through the client 1A and the client 1B, the public key of the friends of the user does not need to be called to the server 2, so that the possibility of leakage of the public key is reduced, and even if the server 2 is attacked and data are leaked, an attacker can only obtain the encrypted secret key (such as the public key) and cannot decrypt the information/data, and finally the aim of ensuring absolute safety of information to be transmitted is achieved.
In addition, the server 2 sends the quantum random key to the client 1 over a bi-directional HTTPS channel. The HTTPS protocol is a network protocol which is constructed by SSL (Secure Sockets Layer secure sockets layer) and HTTP protocol and can carry out encrypted transmission and identity authentication. All communications made by the server 2 and the client 1 based on the HTTPS protocol described above are encrypted. In short, the client 1 first generates a symmetric key and exchanges the key through the credentials of the server 2, i.e. a handshake process in general, and then all information/data traffic is encrypted. Also HTTPS itself may prevent man-in-the-middle attacks because it is self-contained with CA (CERTIFICATE AUTHORITY certificate authority) certificates for verification. A certificate is a digitized file that establishes a relationship between a public key and some entity. It contains version information, serial number, certificate recipient name, issuer name, certificate validity period, public key, digital signature of CA and some other information. Certificates are issued by CAs. The CA can determine the validity period of the certificate. The certificate is signed by the CA. Each certificate has a unique serial number. The serial number of a certificate and the issuer of the certificate can determine the unique identity of a certificate. The unique identity of the certificate can help to confirm the identity of the server 2, so that the quantum random number and the information to be transmitted are finally ensured to be safe.
It should be noted that the above-described embodiments are exemplary, and that a person skilled in the art, in light of the present disclosure, may devise various solutions that fall within the scope of the present disclosure and fall within the scope of the present disclosure. It should be understood by those skilled in the art that the present description and drawings are illustrative and not limiting to the claims. The scope of the invention is defined by the claims and their equivalents. The description of the invention encompasses multiple inventive concepts, such as "preferably," "according to a preferred embodiment," or "optionally," all means that the corresponding paragraph discloses a separate concept, and that the applicant reserves the right to filed a divisional application according to each inventive concept.

Claims (9)

1. An encryption method based on quantum random numbers, characterized in that the method comprises the following steps:
At least two clients (1) send public keys corresponding to the clients (1) from the sender of the information to be transmitted to a server (2), wherein the clients (1) can be used as the sender or the receiver of the information to be transmitted, and the information to be transmitted sent by the clients (1) is transmitted to the clients (1) which are used as the receivers of the information to be transmitted through any one or more servers (2) in a server group;
The server (2) receives the public key corresponding to the client (1) sent by the client (1), and the server (2) sends the public key of the client (1) as the receiver of the information to be transmitted to the client (1) as the sender of the information to be transmitted;
the quantum random number generator (3) can send a quantum random key corresponding to the information to be transmitted to the server (2) when the information to be transmitted is generated, and the server (2) can number the quantum random key and receive the quantum random key according to the number;
A client (1) as a sender of the information to be transmitted can send a request to the server (2) when the information to be transmitted is generated, wherein the request is used for requesting the server (2) for a quantum random key corresponding to the information to be transmitted, and the server (2) sends the quantum random key to the client (1) as the sender of the information to be transmitted;
the client (1) serving as a sender of the information to be transmitted at least masquerades the information to be transmitted in the data to be transmitted based on the confusion protocol, and forms first masquerading data, and the client (1) can add a masquerading request randomly generated by a masquerading algorithm into the first masquerading data.
2. The method according to claim 1, wherein the method further comprises:
The client (1) serving as a sender of information to be transmitted encrypts the information to be transmitted by using the quantum random key, encrypts the quantum random key by using a public key of the client (1) serving as a receiver of the information to be transmitted, and then sends data to be transmitted, which contains the information to be transmitted and the quantum random key, to the client (1) serving as the receiver of the information to be transmitted;
After receiving the data to be transmitted, the client (1) serving as the receiving party of the information to be transmitted decrypts the quantum random key to obtain the quantum random key, and decrypts the information to be transmitted by using the quantum random key to obtain the information to be transmitted.
3. The method according to claim 2, characterized in that the step of sending the data to be transmitted comprising the information to be transmitted and a quantum random key to the client (1) being the recipient of the information to be transmitted comprises:
the server (2) acquires the first disguised data, and analyzes the first disguised data according to the confusion protocol to acquire a real request in the information to be transmitted;
-the server (2) forwarding the first masquerading data to the client (1) of the recipient, corresponding to the real request, as information to be transmitted, based on the real request;
The client (1) serving as a receiver of information to be transmitted acquires the first disguised data forwarded by the server (2);
the client (1) serving as a receiver of the information to be transmitted analyzes the first disguised data forwarded by the server (2) based on the confusion protocol, and acquires the data to be transmitted from the first disguised data.
4. A method according to claim 3, characterized in that the first masquerading data comprises at least information to be transmitted, a quantum random key, a masquerading request and an identifier;
the masquerading request corresponding to the real request in the information to be transmitted is generated by the client (1) as the sender of the information to be transmitted based on the confusion protocol;
The identifier is used to identify a masquerading algorithm used by the client (1) as the sender of the information to be transmitted in generating the masquerading request.
5. The method of claim 4, wherein the method of camouflaging the information to be transmitted comprises:
the client (1) serving as a sender of the information to be transmitted generates the disguised request based on the confusion protocol so as to hide a real request corresponding to the information to be transmitted;
the client (1) as a sender of information to be transmitted merges the information to be transmitted, a quantum random key, a masquerading request, and an identifier corresponding to the masquerading algorithm into the first masquerading data.
6. The method of claim 4, wherein the method of camouflaging information to be transmitted further comprises:
the client (1) serving as a sender of the information to be transmitted performs random filling and/or multi-frequency Bit flow camouflage transmission on the information to be transmitted in the data to be transmitted so as to confuse the information to be transmitted and prevent the information from being deciphered by lawbreakers.
7. Method according to claim 1, characterized in that the server (2) is able to obtain the solicitation request in real time and to send a quantum random key corresponding to the information to be transmitted to the client (1) issuing the solicitation request.
8. Method according to claim 7, characterized in that, in case the client (1) of the recipient as information to be transmitted has acquired the information to be transmitted, the client (1) of the recipient as information to be transmitted is able to send second camouflage data to the server (2), wherein the second camouflage data comprises at least response data corresponding to the information to be transmitted in the first camouflage data.
9. A quantum random number-based encryption system capable of performing the encryption method according to any one of claims 1 to 8, comprising at least:
At least two clients (1) configured to be able to act as sender or receiver of the information to be transmitted;
A server (2) configured to be able to receive a public key corresponding to the client (1) as a sender of information to be transmitted from the client (1), and to transmit the public key of the client (1) as a receiver of the information to be transmitted to the client (1) as the sender of the information to be transmitted;
-a quantum random number generator (3) configured to be able to send to the server (2) a quantum random key corresponding to the information to be transmitted;
The client (1) as a sender of the information to be transmitted can send a request to the server (2) when the information to be transmitted is generated, the request is used for requesting the server (2) for a quantum random key corresponding to the information to be transmitted, and when the server (2) sends the quantum random key to the client (1) as the sender of the information to be transmitted, the client (1) as the sender of the information to be transmitted encrypts the information to be transmitted by using the quantum random key and sends data to be transmitted, which at least comprises the information to be transmitted and the quantum random key, to the client (1) as a receiver of the information to be transmitted, the client (1) as the receiver of the information to be transmitted obtains the information to be transmitted through the quantum random key so as to realize safe communication between the clients (1).
CN202210745366.6A 2022-06-27 2022-06-27 An encryption system and method based on quantum random numbers Active CN115150076B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210745366.6A CN115150076B (en) 2022-06-27 2022-06-27 An encryption system and method based on quantum random numbers

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210745366.6A CN115150076B (en) 2022-06-27 2022-06-27 An encryption system and method based on quantum random numbers

Publications (2)

Publication Number Publication Date
CN115150076A CN115150076A (en) 2022-10-04
CN115150076B true CN115150076B (en) 2025-07-01

Family

ID=83409286

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210745366.6A Active CN115150076B (en) 2022-06-27 2022-06-27 An encryption system and method based on quantum random numbers

Country Status (1)

Country Link
CN (1) CN115150076B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115720160B (en) * 2022-11-09 2023-09-01 中创通信技术(深圳)有限公司 Data communication method and system based on quantum key
CN116668133A (en) * 2023-06-06 2023-08-29 平安银行股份有限公司 Data encryption transmission method and system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109450931A (en) * 2018-12-14 2019-03-08 北京知道创宇信息技术有限公司 A kind of secure internet connection method, apparatus and PnP device
CN109639407A (en) * 2018-12-28 2019-04-16 浙江神州量子通信技术有限公司 A method of information is encrypted and decrypted based on quantum network

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103312689B (en) * 2013-04-08 2017-05-24 西安电子科技大学 Network hiding method for computer and network hiding system based on method
CN103490891B (en) * 2013-08-23 2016-09-07 中国科学技术大学 Key updating and the method for use in a kind of electrical network SSL VPN
US9356915B2 (en) * 2014-01-27 2016-05-31 Avaya Inc. Enhancing privacy by obscuring traversal using relays around network address translator (TURN) connections, and related methods, systems, and computer-readable media
CN108090370B (en) * 2018-01-10 2021-03-16 河南芯盾网安科技发展有限公司 Instant communication encryption method and system based on index
CN110881019A (en) * 2018-09-06 2020-03-13 北京思源理想控股集团有限公司 Secure communication terminal, secure communication system and communication method thereof
CN113765940A (en) * 2021-11-08 2021-12-07 北京华云安信息技术有限公司 Flow obfuscation method, device and equipment

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109450931A (en) * 2018-12-14 2019-03-08 北京知道创宇信息技术有限公司 A kind of secure internet connection method, apparatus and PnP device
CN109639407A (en) * 2018-12-28 2019-04-16 浙江神州量子通信技术有限公司 A method of information is encrypted and decrypted based on quantum network

Also Published As

Publication number Publication date
CN115150076A (en) 2022-10-04

Similar Documents

Publication Publication Date Title
US8307208B2 (en) Confidential communication method
WO2021109756A1 (en) Proxy anonymous communication method based on homomorphic encryption scheme
US20110154036A1 (en) Method For Implementing Encryption And Transmission of Information and System Thereof
CN117692226A (en) An industrial Internet data transmission method and system
JP2022521525A (en) Cryptographic method for validating data
Thakur et al. A comprehensive review of wireless security protocols and encryption applications
CN115150076B (en) An encryption system and method based on quantum random numbers
CN111049738B (en) E-mail data security protection method based on hybrid encryption
Amellal et al. Quantum Man-in-the-Middle Attacks on QKD Protocols: Proposal of a Novel Attack Strategy
Chatzigeorgiou et al. A communication gateway architecture for ensuring privacy and confidentiality in incident reporting
GB2488753A (en) Encrypted communication
Tian et al. A Survey on Data Integrity Attacks and DDoS Attacks in Cloud Computing
Ghali et al. (The futility of) data privacy in content-centric networking
CN116707798B (en) A method, device and system for ciphertext review based on equivalence test
CN117749909A (en) Data transmission method, data processing method and computer equipment
Song et al. Cryptographic analysis of delta chat
Nithya et al. An Analysis on Cryptographic Algorithms for Handling Network Security Threats
CN114945170A (en) Mobile terminal file transmission method based on commercial cipher algorithm
CN114866220B (en) A data transmission device and method based on protocol obfuscation rule camouflage
Rawdhan et al. Enhancement of Email Security Services
Dubey et al. An interdependency between symmetric ciphers and hash functions: a survey
Bhatt et al. Secured Multi-Platform Communication Application Using Advanced Encryption Standard Algorithm
Dolnák Secure mutual exchange of messages between network nodes inspired by security technologies for electronic mail exchange
Eteng A Multilayer Secured Messaging Protocol for REST-based Services
Gupta A Secure Communication Schema Using Hashed Addresses

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant